package com.example.config;


import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/**
 * 安全控制中心
 */
@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启security注解
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationSuccessHandler myAuthenticationSuccessHandler;
    @Autowired
    private AuthenticationFailureHandler myAuthenticationFailHandler;



    @Autowired
    private AuthenticationProvider provider;  //注入我们自己的AuthenticationProvider

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // TODO Auto-generated method stub
//        auth.inMemoryAuthentication()
//            .withUser("user").password("user").roles("USER")
//            .and()
//            .withUser("admin").password("admin").roles("ADMIN");
        auth.authenticationProvider(provider);


    }
    /**
     * http.authorizeRequests()
     .anyRequest().authenticated()
     .and().formLogin().loginPage("/login")
     //设置默认登录成功跳转页面
     .defaultSuccessUrl("/index").failureUrl("/login?error").permitAll()
     .and()
     //开启cookie保存用户数据
     .rememberMe()
     //设置cookie有效期
     .tokenValiditySeconds(60 * 60 * 24 * 7)
     //设置cookie的私钥
     .key("")
     .and()
     .logout()
     //默认注销行为为logout，可以通过下面的方式来修改
     .logoutUrl("/custom-logout")
     //设置注销成功后跳转页面，默认是跳转到登录页面
     .logoutSuccessUrl("")
     .permitAll();
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //解决不允许显示在iframe的问题
        http.headers().frameOptions().disable();



        http
        .formLogin()
            .loginPage("/login")
            .loginProcessingUrl("/login/form")
            //.failureUrl("/login-error")
            //.defaultSuccessUrl("/helloHtml")
            .successHandler(myAuthenticationSuccessHandler)//登陆成功处理
            .failureHandler(myAuthenticationFailHandler)//登陆失败处理
            .permitAll()  //表单登录，permitAll()表示这个不需要验证 登录页面，登录失败页面
        .and()
            .logout()
            .permitAll()
        .and()
            .httpBasic()
        .and()
            .authorizeRequests()
//          .antMatchers("/index").permitAll()
            //.antMatchers("/whoim").hasRole("ADMIN")
                .anyRequest().access("@rbacService.hasPermission(request,authentication)")    //必须经过认证以后才能访问
//            .anyRequest().authenticated() //必须经过认证以后才能访问
//            .anyRequest()
//            .authenticated()

        .and()
            .csrf().disable();


//        http
//            .formLogin()
//            .loginPage("/login")
//            .loginProcessingUrl("/login/form")
//            //.failureUrl("/login-error")
//            //.defaultSuccessUrl("/helloHtml")
//            .successHandler(myAuthenticationSuccessHandler)//登陆成功处理
//            .failureHandler(myAuthenticationFailHander)//登陆失败处理
//            .permitAll()  //表单登录，permitAll()表示这个不需要验证 登录页面，登录失败页面
//            .and()
//            .logout()
//            .permitAll()
//            .and()
//            .authorizeRequests()
////          .antMatchers("/index").permitAll()
////          .antMatchers("/whoim").hasRole("ADMIN")
////          .antMatchers(HttpMethod.POST,"/user/*").hasRole("ADMIN")
////           .antMatchers(HttpMethod.GET,"/user/*").hasRole("USER")
//            .anyRequest().access("@rbacService.hasPermission(request,authentication)")    //必须经过认证以后才能访问
//            .anyRequest().authenticated() //必须经过认证以后才能访问
//            .anyRequest()
//            .authenticated()
//            .and()
//            .csrf().disable();

    }

}


